UPDATE: I noticed that I replaced OSSEC with your proposal for OSSIM. I haven't looked for OSSIM yet. I will look for OSSIM.

Today I wanted to set it up, but then I noticed that I need another host on my LAN, with a Unix system, to be an OSSEC server. Maybe I will prepare an old box and equip it with Ubuntu. Then I could set up all in one (server, agent).

My question here is: do I have to install the OSSEC agent on my own box, which I use for everyday work, or could I have the OSSEC agent on an independent computer whose only function will be to run OSSEC HIDS?

Honeypots and IDS are two different concepts on completely different ends of the spectrum.

Honeypots are non-production systems. They're based on the idea that a non-production system has no traffic going to it, so any traffic that is going to it can be considered malicious. So if all you have on your network is production computers, then you will need an additional system set up to be used as a honeypot. Think of a honeypot as setting a trap to lure attackers to. The nice thing about honeypots is that they can catch attacks that wouldn't be detected by your typical signature-based IDS system. The downside is that the attacker has to fall for the trap and infiltrate the honeypot in order for you to be alerted to such a breach.

IDS systems (whether HIDS or NIDS) are based on the opposite concept. They sift through all the legitimate data you have in order to find signatures or anomalies in network traffic, system memory, logs, etc., and determine whether or not to flag it as malicious.

A good security policy to have would be to incorporate many layers into your security design. There are types of attacks that each will catch that the other will miss. The idea is to have multiple layers so that you can cover as many attack vectors as possible.

As far as a honeypot goes, check out the Honeywall CDROM. It is a great option that is really easy to install and will get you up and running with a honeypot/net on your network in no time.

As far as HIDS goes, OSSEC, which you mentioned earlier, is a good free, open-source option. You install the management server on a Linux box, and then from there you can install agents on any hosts that you want to protect and monitor.
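
The contrast drawn in the answer above between a honeypot and a signature-based IDS, as an added example that is not part of the original post. The decoy address, the two toy signatures and the five events are all constructed for illustration.

```python
from ipaddress import ip_address

HONEYPOT = ip_address("192.0.2.50")  # assumed decoy host with no production role
SIGNATURES = {"sqli": "' OR 1=1", "traversal": "../"}  # toy signature set

# Constructed events: (id, source, destination, payload)
EVENTS = [
    (1, "198.51.100.7", "192.0.2.10", "GET /item?id=1' OR 1=1"),
    (2, "198.51.100.7", "192.0.2.50", "SSH-2.0-client"),
    (3, "192.0.2.21", "192.0.2.10", "GET /index.html"),
    (4, "198.51.100.9", "192.0.2.50", "GET /../../etc/passwd"),
    (5, "198.51.100.9", "192.0.2.10", "previously-unseen-request"),
]


def signature_alerts(events):
    """IDS view: inspect every event and flag those matching a known pattern."""
    return {eid for eid, _src, _dst, payload in events
            if any(sig in payload for sig in SIGNATURES.values())}


def honeypot_alerts(events):
    """Honeypot view: the payload is irrelevant, any contact with the decoy is flagged."""
    return {eid for eid, _src, dst, _payload in events
            if ip_address(dst) == HONEYPOT}


def coverage(events):
    """Split event ids by which layer raised an alert."""
    ids = signature_alerts(events)
    pot = honeypot_alerts(events)
    everything = {event[0] for event in events}
    return {
        "ids_only": ids - pot,        # known pattern against a production host
        "honeypot_only": pot - ids,   # no signature, but it touched the decoy
        "both": ids & pot,
        "neither": everything - ids - pot,  # benign traffic and anything both layers miss
    }


if __name__ == "__main__":
    for layer, event_ids in coverage(EVENTS).items():
        print(layer, sorted(event_ids))
```

Event 5 lands in "neither" alongside the benign event 3: it matches no signature and never touches the decoy, which is the honeypot downside the answer describes.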